Introduction

This article describes an update that adds new Best Practices Analyzer (BPA) rules. The rules are for DirectAccess on the servers that are running Windows Server 2012 R2 or Windows Server 2012.

The following rules are added:

Checks whether the Domain Name System (DNS) address that is used for internal network resources is correct. If the internal interface of the DirectAccess server has only an IPv4 address, the DNS server that is configured in the Name Resolution Policy Table (NRPT) must be the DNS64 address.

Gives a warning if the option that enables DirectAccess for Windows 7 clients is not selected.

Returns an error if the DirectAccess server is also a domain controller.

Returns an error if both force tunneling and Kerberos authorization are configured on the DirectAccess server.

Returns an error if the AcceptInterface parameter for DNS64 does not use the same IP address as the one that is used for DNS64.

If DirectAccess is configured by using the Remote Access Management user interface, checks whether DirectAccess policies are configured on the server.

Gives a warning if any certificate that can be used on the DirectAccess server has subject alternative names (SANs) but no subject name.

Provides information if the order of the Internal network interface is below the Internet network interface in Adapters and Bindings.

Gives a warning if the private key of the IP-HTTPS certificate does not exist on the server when the certificate is used.

Gives a warning if the DirectAccess client security group includes desktop computers.

Sends an HTTP request to test whether the certificate revocation list (CRL) field in the IP-HTTPS certificate that is configured on the DirectAccess server is valid. If the request fails, a warning is displayed. This test is only required when Windows 7 clients are configured for DirectAccess.

Sends an HTTP request to test whether the CRL field in the network location server certificate that is configured on the DirectAccess server is valid. If the request fails, a warning is displayed. This test is only required when Windows 7 clients are configured for DirectAccess, and when NLS is deployed on the DirectAccess server.

Checks whether an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) router or load balancing is configured on the network. If this is the case, checks the DNS records for ISATAP. The DNS server should have the records for the internal dynamic IP (DIP) of the server and for the internal virtual IP of the load balancer.

Checks whether the email address field is configured for Network Connectivity Assistant.

Checks whether the default gateway is configured on the Internet interface instead of on the Internal interface. If the check fails, a warning is displayed.

Gives a warning if NRPT exemptions are configured when force tunneling is deployed.

Makes sure that probes other than Internet Control Message Protocol (ICMP) probes are configured in NCA.

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

To apply this update, you must be running Windows Server 2012 R2 or Windows Server 2012.

Registry information

To apply this update, you do not have to make any changes to the registry.

Restart requirement

You do not have to restart the computer after you apply this update.

Update replacement information

The global version of this update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Windows Server 2012 R2 file information notes

The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2012" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.

For all supported x64-based versions of Windows Server 2012 R2

File name

File version

File size

Date

Time

Platform

Remoteaccessserver.psd1

Not applicable

240,920

05-May-2014

12:25

Not applicable

Remoteaccessserver.psd1

Not applicable

264,000

05-May-2014

12:30

Not applicable

Remoteaccessserver.psd1

Not applicable

226,022

05-May-2014

04:43

Not applicable

Remoteaccessserver.psd1

Not applicable

256,944

05-May-2014

12:24

Not applicable

Remoteaccessserver.psd1

Not applicable

254,634

05-May-2014

12:24

Not applicable

Remoteaccessserver.psd1

Not applicable

248,586

05-May-2014

12:22

Not applicable

Remoteaccessserver.psd1

Not applicable

248,442

05-May-2014

12:23

Not applicable

Remoteaccessserver.psd1

Not applicable

160,076

05-May-2014

12:14

Not applicable

Remoteaccessserver.psd1

Not applicable

148,722

05-May-2014

12:15

Not applicable

Remoteaccessserver.psd1

Not applicable

246,636

05-May-2014

12:21

Not applicable

Remoteaccessserver.psd1

Not applicable

251,370

05-May-2014

12:27

Not applicable

Remoteaccessserver.psd1

Not applicable

250,130

05-May-2014

12:24

Not applicable

Remoteaccessserver.psd1

Not applicable

248,718

05-May-2014

12:27

Not applicable

Remoteaccessserver.psd1

Not applicable

234,588

05-May-2014

12:24

Not applicable

Remoteaccessserver.psd1

Not applicable

225,834

05-May-2014

12:33

Not applicable

Remoteaccessserver.psd1

Not applicable

226,866

05-May-2014

12:30

Not applicable

Remoteaccessserver.psd1

Not applicable

117,678

05-May-2014

12:30

Not applicable

Remoteaccessserver.psd1

Not applicable

123,370

05-May-2014

12:30

Not applicable

Remoteaccessserver.psd1

Not applicable

123,370

05-May-2014

12:31

Not applicable

Bpahelper.ps1

Not applicable

96,243

22-Jan-2014

00:14

Not applicable

Manifest.psd1

Not applicable

1,268

22-Jan-2014

00:14

Not applicable

Remoteaccessserver.ps1

Not applicable

929,626

05-May-2014

03:27

Not applicable

Remoteaccessserver.sch

Not applicable

438,906

10-Apr-2014

22:07

Not applicable

Remoteaccessserver.xsd

Not applicable

59,026

10-Apr-2014

22:07

Not applicable

Webapplicationproxybpa.ps1

Not applicable

16,260

25-Jun-2013

02:22

Not applicable

Windows Server 2012 file information notes

The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2012" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.

For all supported x64-based versions of Windows Server 2012

File name

File version

File size

Date

Time

Platform

Remoteaccessserver.psd1

Not applicable

124,552

07-Nov-2013

08:29

Not applicable

Remoteaccessserver.psd1

Not applicable

136,420

07-Nov-2013

04:16

Not applicable

Remoteaccessserver.psd1

Not applicable

117,232

07-Nov-2013

04:16

Not applicable

Remoteaccessserver.psd1

Not applicable

133,522

07-Nov-2013

04:16

Not applicable

Remoteaccessserver.psd1

Not applicable

132,576

07-Nov-2013

04:16

Not applicable

Remoteaccessserver.psd1

Not applicable

133,108

07-Nov-2013

07:23

Not applicable

Remoteaccessserver.psd1

Not applicable

127,894

07-Nov-2013

09:31

Not applicable

Remoteaccessserver.psd1

Not applicable

81,814

07-Nov-2013

04:16

Not applicable

Remoteaccessserver.psd1

Not applicable

75,370

07-Nov-2013

07:02

Not applicable

Remoteaccessserver.psd1

Not applicable

125,466

07-Nov-2013

08:25

Not applicable

Remoteaccessserver.psd1

Not applicable

131,068

07-Nov-2013

07:04

Not applicable

Remoteaccessserver.psd1

Not applicable

131,400

07-Nov-2013

07:09

Not applicable

Remoteaccessserver.psd1

Not applicable

128,320

07-Nov-2013

07:09

Not applicable

Remoteaccessserver.psd1

Not applicable

123,726

07-Nov-2013

09:13

Not applicable

Remoteaccessserver.psd1

Not applicable

116,356

07-Nov-2013

08:47

Not applicable

Remoteaccessserver.psd1

Not applicable

117,552

07-Nov-2013

07:01

Not applicable

Remoteaccessserver.psd1

Not applicable

58,442

07-Nov-2013

08:13

Not applicable

Remoteaccessserver.psd1

Not applicable

62,490

07-Nov-2013

08:50

Not applicable

Remoteaccessserver.psd1

Not applicable

62,490

07-Nov-2013

10:06

Not applicable

Remoteaccessserver.psd1

Not applicable

124,552

07-Nov-2013

02:49

Not applicable

Remoteaccessserver.psd1

Not applicable

136,420

07-Nov-2013

01:46

Not applicable

Remoteaccessserver.psd1

Not applicable

117,232

07-Nov-2013

01:46

Not applicable

Remoteaccessserver.psd1

Not applicable

133,522

07-Nov-2013

01:46

Not applicable

Remoteaccessserver.psd1

Not applicable

132,576

07-Nov-2013

01:46

Not applicable

Remoteaccessserver.psd1

Not applicable

133,108

07-Nov-2013

04:39

Not applicable

Remoteaccessserver.psd1

Not applicable

127,894

07-Nov-2013

02:25

Not applicable

Remoteaccessserver.psd1

Not applicable

81,814

07-Nov-2013

01:54

Not applicable

Remoteaccessserver.psd1

Not applicable

75,370

07-Nov-2013

02:25

Not applicable

Remoteaccessserver.psd1

Not applicable

125,466

07-Nov-2013

04:26

Not applicable

Remoteaccessserver.psd1

Not applicable

131,068

07-Nov-2013

05:08

Not applicable

Remoteaccessserver.psd1

Not applicable

131,400

07-Nov-2013

02:33

Not applicable

Remoteaccessserver.psd1

Not applicable

128,320

07-Nov-2013

04:05

Not applicable

Remoteaccessserver.psd1

Not applicable

123,726

07-Nov-2013

04:08

Not applicable

Remoteaccessserver.psd1

Not applicable

116,356

07-Nov-2013

04:10

Not applicable

Remoteaccessserver.psd1

Not applicable

117,552

07-Nov-2013

02:24

Not applicable

Remoteaccessserver.psd1

Not applicable

58,442

07-Nov-2013

02:36

Not applicable

Remoteaccessserver.psd1

Not applicable

62,490

07-Nov-2013

04:04

Not applicable

Remoteaccessserver.psd1

Not applicable

62,490

07-Nov-2013

02:24

Not applicable

Manifest.psd1

Not applicable

1,268

02-Jun-2012

14:34

Not applicable

Remoteaccessserver.ps1

Not applicable

822,612

06-Nov-2013

23:04

Not applicable

Remoteaccessserver.sch

Not applicable

182,958

06-Nov-2013

23:04

Not applicable

Remoteaccessserver.xsd

Not applicable

28,776

06-Nov-2013

23:04

Not applicable

Manifest.psd1

Not applicable

1,268

02-Jun-2012

14:34

Not applicable

Remoteaccessserver.ps1

Not applicable

822,612

06-Nov-2013

23:08

Not applicable

Remoteaccessserver.sch

Not applicable

182,958

06-Nov-2013

23:08

Not applicable

Remoteaccessserver.xsd

Not applicable

28,776

06-Nov-2013

23:08

Not applicable

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates